Using Components with Known Vulnerabilities
The InsecureShop app contains a vulnerable library that allows any third-party app on the device to steal any file from the app's local storage and send this file to the arbitrary domain.
Hint: Checkout the Hackerone disclosures. One of the publicly disclosed report on Hackerone talks about this vulnerability and how this can be exploited.